Analysis

  • max time kernel
    178s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted
    05-06-2024 18:13

General

  • Target

    98e2bfe512283b86a8eb13d6868149df_JaffaCakes118.apk

  • Size

    3.9MB

  • MD5

    98e2bfe512283b86a8eb13d6868149df

  • SHA1

    3ea5a9da21b003663ac7409e0da321c56bbfbdc2

  • SHA256

    b308e2f74a8b380629eb7b219960c7caae020491a6d40d143472c89423b229bd

  • SHA512

    eb2adb1f0c14cb4fa843542dd4a0511d2fd51cc9ffbabb62fe6389f9d822b33e50a1994c0ea66065d2826a26c517190626fa8f0c5cfb6e0ca8cf16a4db281a4c

  • SSDEEP

    98304:pZnuJaIxkySoUpIB2IsiKGEIpCCOeVSJReccU0YYpNt5gKE7:pYDzeU/XEJCXSknUZK5C

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  • Queries information about running processes on the device (1 TTPs, 2 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network (1 TTPs, 1 IoCs)
  • Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
  • Reads information about phone network operator. (1 TTPs)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  • Schedules tasks to execute at a specified time (1 TTPs, 2 IoCs)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)

Processes

  • com.wRoyalGrocery_8098929
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4378
  • com.wRoyalGrocery_8098929:Metrica
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4438

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.wRoyalGrocery_8098929/no_backup/credentials.dat

    Filesize

    234B

  • /data/data/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929

    Filesize

    36KB

  • /data/data/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929-journal

    Filesize

    8KB

  • /data/data/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929-shm

    Filesize

    32KB

  • /data/data/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929-wal

    Filesize

    406KB

  • /data/data/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180

    Filesize

    4KB

  • /data/data/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    512B

  • /data/data/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180-wal

    Filesize

    164KB

  • /data/data/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/data/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db-journal

    Filesize

    406KB

  • /data/data/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db-shm

    Filesize

    32KB

  • /data/data/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db-wal

    Filesize

    32KB

  • /data/data/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db-wal

    Filesize

    8KB

  • /data/data/com.wRoyalGrocery_8098929/no_backup/metrica_data.db

    Filesize

    44KB
